[Openid-specs-ab] Issue #1189: behaviour of unknown prompt values not clear / RP has no way to know if server supports prompt=create (openid/connect)

josephheenan issues-reply at bitbucket.org
Fri Sep 25 10:18:41 UTC 2020


New issue 1189: behaviour of unknown prompt values not clear / RP has no way to know if server supports prompt=create
https://bitbucket.org/openid/connect/issues/1189/behaviour-of-unknown-prompt-values-not

Joseph Heenan:

The account creation draft defines a new prompt=create value.

It’s unclear how this will be handled by existing servers \(which know nothing about prompt=create\), i.e. [https://openid.net/specs/openid-connect-core-1\_0.html#AuthRequest](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) does not define how servers should handle unknown prompt values.

Should there be some text in the prompt=create specification along the lines “RPs must only send prompt=create to servers they know support it” and/or should OpenID Provider Metadata be defined to indicate that prompt=create is supported?




More information about the Openid-specs-ab mailing list